CVE-2024-48886

Summary

A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3 allows attacker to execute unauthorized code or commands via a brute-force attack.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiOS7.4.0 <= 7.4.4affected
FortinetFortiOS7.2.0 <= 7.2.8affected
FortinetFortiOS7.0.0 <= 7.0.15affected
FortinetFortiOS6.4.0 <= 6.4.15affected
FortinetFortiProxy7.4.0 <= 7.4.4affected
FortinetFortiProxy7.2.0 <= 7.2.10affected
FortinetFortiProxy7.0.0 <= 7.0.17affected
FortinetFortiProxy2.0.0 <= 2.0.14affected

Weaknesses

  • CWE-1390: Execute unauthorized code or commands

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References